Tag all of the tests in meta-arm so that they can be selectively ran
without needing to explicitly list them.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Patch was accepted upstream and has been pulled back the 6.5 and 6.1
kernels. So, it is no longer needed here.
Signed-off-by: Jon Mason <jon.mason@arm.com>
The v6.4 kernel is needed for some platforms in meta-arm-bsp.
Temporarily add it here to give those machines enough time to
update to the latest version. Also, add the patch to the
defconfig.
Signed-off-by: Jon Mason <jon.mason@arm.com>
When ccache is enabled trusted-firmware-a recipe fails with this
error message:
make: *** No rule to make target 'aarch64-poky-linux-gcc'. Stop.
ccache prefix CC variable with 'ccache' word before compiler. Because
there are no quotes assigned to CC, only 'ccache' is assigned. The
compiler becomes a make target, producing the build error.
Add single quotes to LD is a good measure to prevent this kind of error.
Signed-off-by: Javier Tia <javier.tia@linaro.org>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Multiple machines in meta-arm-bsp have need of the 2023.07.02 version of
u-boot. Temporarily add it here to give those machines enough time to
update to the latest version.
NOTE: MTD changes in u-boot require changes to the qemuarm config.
Specifically, not disabling it.
Signed-off-by: Jon Mason <jon.mason@arm.com>
Enables authenticated capsule update and makes necessary changes to
align with new capsule generation tool (mkeficapsule in u-boot).
Signed-off-by: Emekcan Aras <emekcan.aras@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Adds signature to device-tree overlay and enables authenticated capsule
update in u-boot for corstone1000.
Signed-off-by: Emekcan Aras <emekcan.aras@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Adds meta-secure-core to enable capsule update feature.
Signed-off-by: Emekcan Aras <emekcan.aras@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Adds meta-secure-core to corstone1000.yml to enable signed capsule
update feature.
Signed-off-by: Emekcan Aras <emekcan.aras@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Meta-secure-core is used to create signed capsule (firmware update
images). This adds meta-secure-core.yml file and since it depends on meta-perl
from oe-core, it adds that layer to meta-openembedded.yml
Signed-off-by: Emekcan Aras <emekcan.aras@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
The Kas binary is identical, but the container has been rebuilt using
Debian 12 (Bookworm).
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
The Kas container in version 4 onwards is based on Debian 12, which
forbids pip from installing files into /usr or ~/.local/.
We want to install the arbitrary dependencies for the documentation
build, so these should be installed in a venv.
The kas container doesn't currently install python3-venv, so we have to
install that manually (patch sent upstream).
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Upgrade nanopb, clean up how it is build, and hopefully fix the build
races. This patch isn't quite ready to be upstreamed but discussion
with the TS maintainer is ongoing.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Now that the apply_local_src_patches class supports being used with
multiple directories, use that instead of reimplementing the logic.
Also remove redundant patchdir assignments as these patches are against
the trusted-services repository, which is ${S}. I suspect these are
exposing a subtle bug in the core patching logic which meant the local
patches were not applying correctly.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
This test needs the TF-A sources available to build. When the test is
needed, this commit can be reverted to bring it back.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
This recipe won't pass configure without the jsonschema and jinja2
Python modules.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
As with ts-service-test, manually move the binary to $bindir.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
The configure log warns that it couldn't find pkgconfig, so add this so
it can.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Pass through the choice of CMake Generator when starting sub-cmakes for
the external components, so that they use Ninja instead of Make.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Pull out the patch application logic so the postfunc by default scans
for patches in LOCAL_SRC_PATCHES_INPUT_DIR and applies them to
LOCAL_SRC_PATCHES_DEST_DIR as before.
This allows recipes to inherit the class and directly call
apply_local_src_patches as needed to process patches in multiple
directories.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
The fvp-baser-aemv8r64 machine will not be actively maintained.
Signed-off-by: Divin Raj <divin.raj@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Remove U-Boot specific DT nodes before passing the DT to Linux
This is needed to pass SystemReady IR 2.0 dt-schema tests
Signed-off-by: Abdellatif El Khlifi <abdellatif.elkhlifi@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
The optee recipe installs the tee image using `${nonarch_base_libdir}`
If usrmerge is enabled this is `/usr/lib`, otherwise it is `/lib`
Several platforms (corstone1000, n1sdp, tc) look for tee-pager_v2.bin in
the hard-coded `/lib/firmware`, hence if usrmerge is enabled it won't be
found.
Fix these platforms by using `${nonarch_base_libdir}` instead of `/lib`
as per the qemu platform code in the generic recipe.
Signed-off-by: Adam Johnston <adam.johnston@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Bump kernel version to v6.4 and rebase the patches on
top of this new version.
Signed-off-by: Xueliang Zhong <xueliang.zhong@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
TFM updated to 1.8.1. Note, TF-Mv1.8.1 tags point to the same SHA as
the TF-Mv1.8.0 tag for tf-m-tests and tf-m-extras.
Signed-off-by: Jon Mason <jon.mason@arm.com>
tee and teeclnt are there to avoid running client applications (CAs) and
tee-supplicant as root.
- The teeclnt group stands for "TEE client" and is for CAs (CAs need
access to /dev/tee[0-9]* but not /dev/teepriv[0-9]*).
- tee is just for tee-supplicant to open its device /dev/teepriv[0-9]*.
No other process is supposed to open that one.
Signed-off-by: Javier Tia <javier.tia@linaro.org>
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Rationalise the port forwarding to be the same as the runqemu defaults,
so change the SSH port forward to be 2222=22 instead of 8022=22.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
QEMU_USE_SLIRP is no longer needed[1] as adding slirp to
TEST_RUNQEMUPARAMS is sufficient, so remove that.
Setting TEST_SERVER_IP also isn't needed as there's a default value now,
and we disable the package management tests that would use the server
IP. When they work the correct IP can be set.
[1] As of oe-core f4e8650
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Update to the latest versions of edk2 and edk2-platforms. This
necessitates updating the patches in sbsa-acs to apply cleanly to the
latest version of edk2.
Signed-off-by: Jon Mason <jon.mason@arm.com>
It's expected to exist multiple /dev/teepriv[0-9]* devices, and the
tee-supplicant service depends on them, which should be activated only
when the device is detected by the kernel using a udev rule.
Improve commit f02d065dce, where it's only considering a path creation
and not a device detection by the kernel.
Signed-off-by: Javier Tia <javier.tia@linaro.org>
Signed-off-by: Jon Mason <jon.mason@arm.com>
The update-repos script currently exits immediately if one of the
underlying Git commands fails (e.g. because of a network issue). If the
repo already exists, then catch this error inside the loop and
carrying on attempting to update other repos, as the network error may
be upstream.
KAS_REPO_REF_DIR is ultimately an optimization and subsequent build
stages should be able to continue if one of the updates fail. Therefore,
ensure the script returns a special error code if at least of the Git
commands fail, and use this to set the allow_failure property of the
job.
If a repo does not exist, fail immediately as before.
Signed-off-by: Peter Hoyes <Peter.Hoyes@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
To make the pipeline slightly more resilient to external networking
issues, allow a local container registry mirror to be specified in the
GitLab settings. If not specified, the upstream container registry is
used automatically.
Signed-off-by: Peter Hoyes <Peter.Hoyes@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Since optee-os for N1SDP has been updated to 3.22,
this patch updates optee-os-tadevkit and optee-test
to match the same version.
Signed-off-by: Mariam Elshakfy <mariam.elshakfy@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Bump kernel version to v6.4 and rebased N1SDP kernel PCIe quirk patches
top of this new version.
Signed-off-by: Xueliang Zhong <xueliang.zhong@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
The default XSERVER only pulls in the framebuffer driver, which is
pretty broken with modern kernels and the modesetting driver is a lot
more functional.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
The sbsa-ref machine can't use KVM because it's an entire emulated
machine, not a virtual machine.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
The consoles to use isn't specific to the qemu machine, and without a
value results in no serial consoles when running on real hardware under
sysvinit.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Patches (and recipe support) were added for qemuarm64-secureboot
support, but that is not present in meta-arm-bsp. Remove it.
Signed-off-by: Jon Mason <jon.mason@arm.com>
Without /dev/teepriv[0-9]*, tee-supplicant.service will fail. Prevent
a failure with a condition to check if /dev/teepriv[0-9]* path exists.
Signed-off-by: Javier Tia <javier.tia@linaro.org>
Signed-off-by: Jon Mason <jon.mason@arm.com>
ARM Reference Solutions' N1SDP 2023.06.22 manifest
uses edk2-firmware version 202305. This patch
aligns with the manifest.
The RemoteDdrSize cast patch is now upstreamed,
hence removed from the patches list
Signed-off-by: Mariam Elshakfy <mariam.elshakfy@arm.com>
Enables the support of a second mmc card, which enables distro installation.
Signed-off-by: Delane Brandy <delane.brandy@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
